Slashdot Mirror
AppleCare Reps Told To Skirt Malware Questions
Dominare writes with this bit from ZDnet: "'A confidential internal Apple document tells the company's front-line support people how to handle customers who call about malware infections: Don't confirm or deny that an infection exists, and whatever you do, don't try to remove it.' So basically, now that Macs have their own equivalent to XP Antivirus the best you can hope for is to be pointed at the store where you can buy something that may or may not fix your problem ... nice."
If you think Apple software is inherently secure, read up on some of the past Pwn2Own contests.
Don't kid yourself - the only reason OS X doesn't have much malware (yet) is that Windows is used by far more people and is therefore a juicier target.
if you use Windows you get infected just by connecting to the internet. I've never had such experience with my Mac.
I've never had such experience with my Windows box nor have millions of other Windows users. If they did, they would leave Windows by the millions a day looking to either OSX or word of Linux would spread like wildfire (like Facebook did for millions of people).
Attention... all grammer nazi"s! Is they're anything; wrong with: my post,
No, it was a reasonably observation. I don't own any Apple products, never have and likely never will, but you have to recognize that if they haven't finished whatever investigation they need to do, they can easily make things worse by making the wrong recommendation.
From the article: "Microsoft provides free telephone support for security issues to all customers, regardless of whether the software was purchased at retail or as part of a new PC. Microsoft Support Article 129972 (last updated May 17, 2011) contains these instructions:"
Everyone that disagrees with me is a paid shill
Certainly the best way to deal with a problem is to deny that it exists altogether. I guess so long as people have faith that a mac is somehow immune (be it to actual virii or user error induced malware installs), and they keep selling, that's all that matters.
Steve must have been taking lessons from some govn't agencies.
Sent from my PDP-11
Microsoft Malicious Software Removal Tool? Microsoft Security Essentials?
To be fair, poorly configured linux servers are pwned all the time.
Yeah, for a while now.
Attention... all grammer nazi"s! Is they're anything; wrong with: my post,
Apple declares: Fuck it, we're evil
"But our stuff is sooo good. You’ll keep taking our abuse. You love it, you worm. Because our stuff is great. It’s shiny and it’s pretty and it’s cool and it works. It’s not like you’ll go back to a Windows Mobile phone. Ha! Ha!"
http://rocknerd.co.uk
OSX by its roots (BSD) means it doesn't get the kind of malware that plagues all those M$ Windows computers.
Security by association? Many windows holes aren't a direct attack on the kernel either. Most expose vulnerabilities in network services or commonly used apps. If you think that OSX is immune from infection due to some mystic link to an OS written by bearded folk you're delusional. Every programmer at some point leaves a bug that could be exploited in a network attached program. Even programs like OpenSSH (with your precious BSD heritage) have had their fair share of vulnerabilities in the past.
Malware is a money making industry. If it becomes profitable to attack OSX, and if OSX becomes common enough to allow viruses to spread (if a certain percentage of a population is immune viruses are often prevented from spreading) you can kiss you sweet security by link to bearded men goodbye, as well as security by lack of motivation.
Heck there was a denial of service attack that could be performed on Windows as a result of the Bonjour service. What is Bonjour service? Something written by Apple installed with iTunes.
I hear that Sony has some "recently available" security engineers, maybe Apple should hire them to work the phones.
Like connect to the internet without first spending some money on one or more anti-virus packages? Windows is the only current OS which connects to the internet with its legs wide open.
Every Windows OS since XP SP2 has had the Firewall built in and turned on by default.... Nice try though
Attention... all grammer nazi"s! Is they're anything; wrong with: my post,
All you have to do is go into Safe Mode. http://support.apple.com/kb/HT1455 Then go into the Applications Folder > Choose MacDefender.app > Move to Trash. (in Safe Mode) Reboot normally and reset Safari.
I'll never understand why people like you spread so much FUD. I mean if you don't like Windows - don't use it. Why make stuff up? And if you make stuff up at least make it logical.
hey, this is a web page claiming that your infected, click ok!!
umm, you clicked cancel, you really want to click ok, ok??
you know, it doesn't matter which button you push, both result
in the continuation of this racter like discussion.
wow, you clicked ok, wait while I install some software to 'help' you.
oh, while installing I noticed that I will need your password to continue....
wow, you gave me your password, can you google pwn3d ?
works on PC, works on Mac, likely works on every other modern OS.
this isn't an exploit via bug, its an exploit via user, if you drop your pants in front of a glory hole......
that said Apple isn't really helping by avoiding the topic.
Unix, an obscure operating system developed by bored researchers in an attempt to get a better game playing experience.
They gave me a free GigE card (at their suggestion) when I had problems with the built in ethernet on the logic board on a Powermac G5 and didn't have the time to take it in for repair because it was an edit machine.
They replaced my brother's iBook, 3 days out of warranty, because it was close to the expiry date and it was unfortunate.
They shipped a fresh set of Universal Binary Final Cut Studio disks to me for postage cost when the Intel switch came about, so we wouldn't have to buy the newer version of the suite to be able to run it natively.
Oh I'm sure I have a few more.
They also do "Macs form [sic] dummies" for those who yank their power cord from the wall socket by the cable and wonder why it frays and catches fire, or who throw their laptop in a bag with no case and wonder why the surface gets all scratched and so on.
They also deal with regular people who have hardware and software problems.
Welcome to our world. I agree that the OP is spreading Windows FUD like it's going out of style, but I guess you just got a taste for what it;s like to be a Mac/iOS user for a few minutes on slashdot. You just have to roll with it - some people just get set in a "xxx sucks/is evil!" mindset and you can't really argue with it.
FTR, I am ambivalent about other people's operating system choice: use what works for you. I do find though, that I have to defend my own choice of OS far more often than I ever give a negative opinion of any other OS out there, especially on slashdot. It does get wearisome.
The crux of the current problem is a setting in Safari that allows the computer to open"safe" documents automatically. The issue with that checkbox has been known for over a year and its one of the things I remember to do is to uncheck it (as it has been defaulted to checked, open those documents.)
Apple could have done an update to uncheck that box, or better yet remove the feature, but it sadly remained and now they are going to have to pay for thier ignorance of the issue.
"Enjoy what you're doing! If it becomes drudgery, you're doing it wrong!" - Jim Butterfield
And if you RTFA, you'll find that Apple and MS do the same damned thing: Tell the user to get some antimalware software to get it out.
Shouldn't front-line support people actually know if it's actual bad malware or not? If it is, this is remarkably stupid to neither confirm nor deny that it even exists. That seems like it came from marketing, not tech support. sigh.
You should probably read the article. Apple is not telling its staff to deny that the malware exists, it is directing that the support staff should not confirm or deny that the software is installed on a specific Mac and should not try to remove it. Instead Apple is directing the customer to a specified documentation providing general information about malware. Apple is declining to remove software, which the customer has installed and subsequently changed their mind about. Sigh.
All sold by Microsoft.
Its like when you buy office software from an Apple Store and they showing you Microsoft Office. They didn't program it, but they will happily sell it to you, thus the the Apple store does sell office programs. And games, music, movies on iTunes but they didn't make any of them.
Attention... all grammer nazi"s! Is they're anything; wrong with: my post,
The problem is Apple is NOT an OS maker, they are a system maker. In particular they make a unified system where they do it all. If you talk to a Mac head this is one of the things they talk about being so great, that Apple creates a "unified experience" and supports everything. They push the model of "Just bring it to the Mac store," as how you handle support and all that.
Fine but that means that you are going to get questions about malware and the like. They can't play it off with "But MS doesn't help!" They are selling the "We are the company that takes care of you and makes everything," they get to deal with the support calls.
Also, MS DOES in fact help with that shit. If nothing else they publish the malicious software removal tool (which Windows get automatically) and make Microsoft Security Essentials available for free. While they don't do everything, they do provide free tools to help.
Actually, it's finely-ground silica glass, imported from Tibet, verified to contain no particles thicker than 9.3 mm.
Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
Even programs like OpenSSH (with your precious BSD heritage) have had their fair share of vulnerabilities in the past.
Clue me in, what is the "fair share" for a program such as OpenSSH? A zero-day on OpenSSH is the rough equivalent of raising the Libyan flag at the center of the Pentagon.
I can't stand the thinking that buffer overflows are a fact of life. Only if you believe that shoddy workmanship is a fact of life. Subtle edge cases in a tricky protocol account for maybe 1% of the buffer overflows out there. The majority are copy first, ask questions later. There are plenty of these people out there programming computers; very few of these people are accepted into med school. The root cause of most buffer overflows in commercially important applications with large, well-resourced development teams is the network effect. There's a hideous pressure to be first, rather than right, or solid and tight.
Imagine if PC Magazine back in the fat 1980s had a penetration testing department that stamped "did not qualify" on every beta software product tested where any serious failure mode was tripped. But no, if the software could do one important function correctly 10% faster than the next piece of software (by hook or by crook), it was stamped "editor's choice".
In sports forums where there is serious discussion about prospects, this is ridiculed as "saw him good". There's always a contingent out there drooling over the next hockey jesus with the flashy stick move who leaks the puck in his own end ten times per shift, and wailing with incomprehension over why the professional hockey minds have his ass stapled to the bench or racking up demotion miles to a lower league.
The only difference is that in software, your pimply hockey jesus is referred to as the next "killer app". A certain type of consumer is busy drooling over the 30 second highlight reel without any real concern over whether the kid is willing to learn how to play a two-way game for sixty minutes.
Moral of the story: you get what you drool over.
Apple is trying to protect themselves from becoming a helpdesk, which is something they are not. They are very clear about this. The Genius Bar is also, very clear about this. They are not a help desk, and in advanced cases support comes at a price. Just as apple is not on the other side of the phone to teach you what each keyboard shortcut does, they're not there to fix every little computer problem you have. You can't call apple if you delete a photo, and all the same you can't call apple if you clicked a link and had your system violated.
The major problem is that we now have to recognize exactly what this means. This does not mean that the mac is more or less vulnerable, because it's not - it is exactly as vulnerable as it was before. The problem is that as the total users of Apple computers grows, the ratio of of (minority) secure users to (majority) vulnerable users grows in distance. As the Apple becomes more popular, the chance of the user interacting with the system is likely to follow a malicious link, open a malicious email, or fall for a malicious ad, is greater; there is a higher chance that this user is the type of user interacting with the system, as these are the most common users on the internet.
This is a trend that was not witnessed with PCs, as by the time Malware became a heavy component of the PC/Internet world, PCs had penetrated every aspect of the general public. Mom and little brother would follow any link to their hearts content, would want to help the Nigerian Prince, and would feel obligated to save the Penguins of North Africa. Apple has now begun penetrating this market as well, and it can only be assumed that the same ignorance will also affect the Apple community.
You can secure a computer all you want, it's very difficult to keep most people from clicking the latest joke link and falling for any one of the thousands of ads they'll see in a 5 minute time period. The only perfect solution, is to not let them on the computer at all.
A confidential internal Apple document
Speaking of security...
To be fair, I have never had any malware with OSX and I'm certain I will not. OSX by its roots (BSD) means it doesn't get the kind of malware that plagues all those M$ Windows computers.
To be fair, I have never had any malware with Windows and I'm certain I will not. All (read that again, "all") operating systems are vulnerable to malice, and all (once again, "all") operating systems can be made mostly impervious to malice. All it takes is a little proactive prevention. In a system like Linux, it's configuring your security and permission settings properly and modifying software settings so they're not running on default ports, etc. And keeping everything up to date at all times. On Windows where things aren't so customizable, you are usually best off behind a hardware and/or software firewall with realtime and scheduled-scan antivirus software running. On Macs you haven't really needed to worry much because Macs have never been a target for widespread malice. On all systems, user incompetence can completely outdo even the strongest security configurations because all you need to do is download miley_cyrus_real_nude_pic.jpg.exe, run it, enter your root password, and hit Allow Forever on every antivirus popup that opens.
As the Mac market share increases, Mac malware will become more and more widespread. Just you wait. The only reason they have the least viruses (note that they DON'T have NO viruses) is because the market share has been so small that Windows has been a much more profitable target.
If you give our your root password to a random program, well, you're stupid.
Actually, you no longer have to give out the root password. The unix security model has long since been replaced on linux and OSX systems with a scheme that accepts your personal password, and "escalates" it to root permission. If you use the sudo(8) command, you may have noticed that it now asks for your password rather than root's, and that suffices to get root permission. This means that if you've given your own password to any of those popup windows that request it, you have given them "root" access to everything on your machine. Unless you have the source code and have compiled it yourself, you don't know what that program did with your password. You also don't know how many databases scattered around the Net also now contain your login id and password, allowing their owners to do the same any time they like.
Yes, this capability can be disabled. But this privilege escalation is enabled by default. Do you know how to disable it? (Without looking it up; be honest now. ;-) I've found that hardly any linux or OSX users can answer this when I ask them.
Really, the only remaining vestige of actual security on linux or OSX is the local custom of asking your permission to do something, rather than just using its cached copy of your password that you don't know about. But we can expect that software is being developed that, once it's tricked you into divulging your password, never asks for it again, but just uses it to get root permission thereafter. And note that none of this requires knowing your root password.
Of course, this is still somewhat more secure than the Windows scheme of doing "system" updates without asking permission, even if you've disabled automatic updates. MS has admitted that this feature has been in Windows since XP. So all it takes is greasing the right palms at MS to get access to this, and you can "upgrade" any part of a Windows box's "system" to include your code any time you can reach it from the Net.
Anyway, lest someone thing I'm kidding, I just opened my handy Macbook Pro, fired up a Terminal window, and typed:
gavving:/Users/jc: id
uid=501(jc) gid=20(staff) groups=20(staff),98(_lpadmin),81(_appserveradm),79(_appserverusr),80(admin),101(com.apple.sharepoint.group.1)
gavving:/Users/jc: sudo csh
Password:
gavving:/Users/jc: id
uid=0(root) gid=0(wheel) groups=0(wheel),1(daemon),2(kmem),8(procview),29(certusers),3(sys),9(procmod),4(tty),5(operator),80(admin),20(staff),101(com.apple.sharepoint.group.1) gavving:/Users/jc:
I typed my own password to the Password: prompt, not root's (and they're different). Note that I became root when I did this. This also works on my two linux boxes.
(Bonus points if you can name the SF novel that the machine's name came from ;-)
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
Shouldn't front-line support people actually know if it's actual bad malware or not? If it is, this is remarkably stupid to neither confirm nor deny that it even exists. That seems like it came from marketing, not tech support. sigh.
You act like they're separate divisions. =D
you guys are great. Mac folks praise the hand holding and the fact that a Mac just won't let you do anything bad. Then in the same breath they say, well you're just stupid, it's your fault the hand holding, infallible Mac didn't stop you.
Mac, the computer any stupid user can use, but don't come crying when you do something stupid. Despite the fact that we reassured you constantly that your own stupidity wasn't a problem, of course...
Can you guys just make up your minds? Is it the computer for everyman or just the tool of a bunch of elitist trend followers whose idea of "choice" is a locked down platform?
Ok, so I read it.
Apple is declining to remove software, which the customer has installed and subsequently changed their mind about. Sigh.
So here's what I don't understand. The user installed it. The user apparently figures out that's a problem and calls AppleCare. What's AppleCare there for? Only to answer questions/help users if there is an actual bug in an Apple product? I guess what I don't understand is this: I would have expected, at least eventually, to be helped even if it IS my mistake. Even Verizon does that. Mess up your wireless settings? They walk you through that. In fact, they walk you through that whether or not that is your problem ;)
To me, this is like saying the following: We know this software is bad and you were tricked into installing it; however, since we don't want to go down the path of having to hire enough people to help clean their system from their own mistakes, we'll just point you to some documentation and let you figure it out.
At least, reading the article, that's what it sounds like to me. That doesn't sound like much in the way of customer/tech support. It sounds more like what I would consider the general attitude of Linux techies to be ;) (it's probably just a select few that come off that way; it does give us a bad name though.)
Except this isn't a virus. It's a Trojan. It cannot spread/replicate itself, and it cannot infect a Mac unless you willingly install it by giving it your admin password. If you don't know the difference between the two, then you probably shouldn't be posting here.
not sure what the /. issue with the guy is
ed bott makes a living writing privately (for news sites and publishing his own books) on technology topics, mostly about windows - he likes windows, he writes about it, and publishes his work. getting paid to do what you like in a field that you like doesn't make you a shill. it makes you happy. it's a pretty cynical worldview, to assume that people aren't doing honest things because they like them, but instead dishonest things because a MegaCorp is paying them BIG BUX
on TFA, i don't see what "bias" you want to find in facts - the document exists. apple documents have an anti-apple bias, is what you are trying to say? facts have an anti-apple bias? of course not, that's silly.
you guys are great.
Thanks!
Mac folks praise the hand holding and the fact that a Mac just won't let you do anything bad.
Dude, I live on the command line in my Mac. Won't let me do anything bad? On what planet?
Then in the same breath they say, well you're just stupid, it's your fault the hand holding, infallible Mac didn't stop you.
Nope: I say that on any platform that DOES give you the freedom Mac OS X gives you, this is literally unavoidable (well, except by being knowledgable enough to not do stupid things like installing rogue software and giving it root privs).
Can you guys just make up your minds?
Can you stop shooting down straw men?
As someone who fixes said boxes 6 days a week, allow me to shed some light on why that is. I have found a good 90% of viruses on machines can be traced back to one of four attack vectors. 1.- The "you want teh hot lesbos? you need to run our Iz_not_Viruz_iz_codec.exe to play teh vidz!" 2.- The "ZOMg you got teh viruz! To fix run our Iz_not_Viruz_iz_cleanerz.exe to get rid of it ZOMG!" 3.-The "Use the new Limewire (Iz_not_Viruz_iz_Limewirez) to download teh latest Titney_Spearz.mp3.exe tunez today!" and 4.-"Hey my BFF sent me a funny cat video! It says I should run Iz_not_Viruz_iz_LOLCatz to see teh kittiez!"
Notice how in NONE of those attacks did the underlying OS make a difference in any way, shape, or form, because it was the USER actively helping the malware? The last real security issue in Windows, the "hey lets have everyone run as admin!" died when Vista came out. That is why you're seeing more third party like flash exploits and a shitload of social engineering, because the malware writers know the best way to get around security is have the user help you and frankly it is beyond easy.
Trust me Linux guys, you ever get the numbers OSX now has? you'll be seeing Iz_not_Viruz_iz_screensaver.sh and the users WILL run it. Look up "KDE screensaver bug" to see it HAS happened in the past and it WILL happen again in the future. The reason why you're not a target now is the numbers simply aren't there and like most criminals malware writers are lazy and go for the lowest hanging fruit, and that is the Iz_not_Viruz_iz_(fill in the blank).exe by a HUGE margin.
ACs don't waste your time replying, your posts are never seen by me.
Not at all, but look at the headline, and compare it to the actual content. While he does indicate in the article itself that Apple's stance on this is "ongoing investigation", he jumps right to the punchline and cherry picks some nice juicy bits out.
If he "likes windows and writes about it" then he sure does like his negative Apple stories too. Funny that - pro MS, anti-Apple... Now, I'm not accusing him of being a shill - I think the word is thrown around far too frequently and cynically around here (and note, I did not call him so in my OP), but there's not much positive coming from him on OS X, and plenty negative. One might suggest if he's that unhappy with OS X that he simply stop using it, or reporting on it, but those ad impressions are all important for the people who pay him I guess.
I've got no problem with positive MS writers, goodness I even know people who work for the small, Redmond-based software startup, but there's lately been an undertow of "sensationalise anything negative about Apple" in the tech press of late, this being one of those occasions (of course, alongside the usual tiresome Apple gadget hype, but when is that new?).
No, what I'm saying is there are currently NO viruses in the wild for Mac. How you came away with "Mac is invulnerable" from my statement above is a bit odd. Since I never mentioned any other malware but this one trojan. As far as real viruses, contrast that with 100,000+ viruses for Windows OS and you begin to see a bit of a difference between the two OS's. Saying that a trojan is a virus is nonsense. A virus attacks via vulnerabilities in the OS which should be addressed and closed. A trojan can only attack via the user (socially engineered). Any OS can be infected by a trojan if they are able to dupe the user into giving up the admin password. No OS is secure from user exploits.
Dimensions
115.2 mm (4.54 in) (h)
58.66 mm (2.309 in) (w)
9.3 mm (0.37 in) (d)
Can I get a "woosh"?
Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
It does not say anything about not admitting that there is a problem
You should not confirm or deny whether the customer’s Mac is infected or not.
Ummm..
"The true measure of a person is how they act when they know they won't get caught." - DSRilk
Also..
By the way - it's not an internal document, but an anonymous employee being cited.
http://i.zdnet.com/blogs/apple-macdefender-investigation-may-16-2011.png
(click the image in the article, if this doesn't work for you).
Umm..
Sorry buddy, you were wrong on both counts. Seems like you need to read the article again, zealot.
"The true measure of a person is how they act when they know they won't get caught." - DSRilk
There is a reason for this that most people eager to hate will conveniently overlook, Applecare does not cover malware. Apple is not bound by any agreement to diagnose or remove malware or repair problems caused by an an infected program or file. Also, if a Apple employee were to remove a file from an end user's computer and the computer stopped functioning in any way, Apple would be liable. They don't do it. Don't confuse their unwillingness to do stupid shit that leaves them at risk of a lawsuit as them "skirting" an issue.
Yup. And Linux's dominant market share in the server space means that it's an even juicier target. Which is why you hear about so many pwnt Linux boxes on the web.
http://www.zone-h.org/news/id/4737
Last year the Zone-H archived a sad record number, we archived 1.419.203 websites defacements. Why and how this is happening? [...] Since many years ago, Linux became the most used OS for webservers and of course the preferred target for the defacers. Last year we archived 1.126.987 attacks against websites running on the Linux systems. The most used exploit by the defacers is the CVE-2010–3301, that was fixed in 2007 and was mysteriously reintroduced in 2008, in a large pile of kernel versions x86_64.
You are obviously right - 80% of website defacements last year all dues to rooted Linux servers - and you don't hear about it, so it must not have happened.
Fandroids hate facts.
MS includes a monthly malware detection scan in Windows Update. The also supply the free Security Essentials and support for using it.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
If you ever got support for some PC, you would know that after 3 minutes of tinkering they would default to the Factory reset, procedure. Something that might solve the problem (and remove alll custormer data... but hey... you got a backup not?).
Most helpdesks do not support 3th party software anyway, even if that software was installed via a exploit. You could call malware 3th party software. And then, there is software that is not clearly malware (like browser bars), that are installed with a question, but only make clear what they do if you manage the 10 page TOS.
So the consensus seems to be that Apple has convinced its users that they can't get viruses and don't need anti-virus, which is bad.
In fact, these users are apparently so convinced that they don't need anti-virus and can't get a virus, that the minute a web page tells them they do have a virus (which they believe they can't get), they download the fake anti-virus package (possibly paying for it first even though they believe they don't need it), double-click on the installer, click on "OK" to get past the "this may be malware" warning, click through the installer prompts and finally type in the administrator account user name and password to allow installation to proceed. You know, proceed to install that anti-virus package that Apple, being evil, convinced them they didn't need to install.
Seriously, is this some kind of new low? Asserting that people are convinced they don't need anti-virus and that's why they're installing anti-virus? :-)
Apple are indeed *so* desperate to deny that anti-virus is needed that they allow Intego AntiVirus to be sold through the Mac App Store of all places. That app's description even has headlines warning about this particular trojan, so it's up to date.
http://itunes.apple.com/gb/app/virusbarrier-plus/id430337549
Two obvious suggestions:
http://www.zdnet.com/blog/security/apple-adds-malware-blocker-in-snow-leopard/4104